802.11i is implemented as WPA2 (Wi-Fi Protected Access 2). It is used to supersede the WEP (Wired Equivalent Privacy), which is known to have several severe weaknesses. 802.11i uses the (AES) advanced encryption standard block cipher as the form of electronic encryption.
802.11i Data Frame Details
EAP packets are encapsulated in EAP-Packet Frame to enable them to cross the LAN segment between the supplicant and the authenticator. EAPoL also provides some control features; for example, an EAPoL-Start Message was defined to initiate the EAPoL exchange; similarly, an EAPoL-Logoff message was defined to terminate a connection.
Even though these two control messages are part of the IEEE 802.1X-2001, the IEEE 802.11i draft does not require them. IEEE 802.1X-2001 also defined an optional capability to use the EAPoL-Key message to exchange cryptographic key, but no mechanism was defined to enable keys to be exchanged securely.
802.11i Connection Sequence Diagrams
IEEE 802.11r
IEEE 802.11r is an amendment to the 802.11 standard to permit continuous connectivity aboard wireless devices in motion, with fast and secure hand-offs from one base station to another managed in a seamless manner.
802.11r Data Frame Details
During the initial association in a mobility zone, a 802.11r capable STA and AP perform an Open System Authentication exchange, followed by a a FT Reassociation Exchange that differs from 802.11 Reassociation Exchange by including an MDIE in the Reassociation Request to indicate that the STA wishes to use 802.11r. Moreover, a Fast Transition Information Element (FTIE) is included in the Reassiciation Response frame issued by the AP. The FTIE carries the R0KH-ID as well as the current access point's R1KH-ID. After successful 802.11X authentication, the AP and STA engage in a FT four-way handshake that differs from the 802.11i handshake by carrying extra MDIE and FTIE components, needed for the derivation of PMK-R1s and PTKs.
802.11r Connection Sequence Diagrams
IEEE 802.11k
IEEE 802.11k is an amendment to the 802.11 standard for radio source management. It defines and exposes radio and network information to facilitate the management and maintenance of a mobile Wireless LAN.
802.11k Data Frame Details
Pros
- Guaranteed to work on all existing hardware.
- No need for separate negotiation, configuration or policy
- No changes to existing security mechanisms.
- RRM uses implemented ciphersuites.
- No modifications to 4-way handshake.
- Compatible with WPA2 driver model.
- Driver passes up SMI-Information frames to OS as data
- OS reflects SMI-Information frames back down to the driver via OIDs
- Enables sending of RRM frames over the DS in future.
Cons
- Requires allocation of new Ethertype
- Experimental Ethertype used until actual Ethertype allocated
IEEE 802.11w
IEEE 802.11w is an amendment to the 802.11 standard to increase the security of its management frames. However, the frames are vulnerable to be eavesdropped, forged and distorted before the Four-Way Handshake complete.
802.11w Data Frame Details
http://flylib.com/books/en/2.799.1.50/1/
http://www.codealias.info/technotes/the_ieee_802.11r_standard_for_fast_wireless_handoffs
http://en.wikipedia.org/wiki/IEEE_802.11r-2008
http://www.google.com.sg/url?sa=t&rct=j&q=IEEE+802.11k+data+frame+details&source=web&cd=1&ved=0CCwQFjAA&url=https%3A%2F%2Fmentor.ieee.org%2F802.11%2Fdcn%2F04%2F11-04-0724-01-000k-security-conceptual-model.ppt&ei=WVcrT_mxPIqIrAfazqC_DA&usg=AFQjCNG5E5p-16R2YLGaTA62_d0KjD_FSw
http://en.wikipedia.org/wiki/IEEE_802.11w-2009
No comments:
Post a Comment